
This Windows Bug Has Been Exploited for Years

Posted By Remote Techs On 06-November-2024

The biggest fear of any business owner is accidentally handing over sensitive data or program access to online hackers. This threatens the business’s reputation, employees, and customers. Unfortunately, anything from system crashes to vulnerabilities can cause this, and a longstanding Windows bug proves that.

What Are SmartScreen and SAC?

If you’re a business owner who relies on Windows daily, you’re likely familiar with Microsoft’s SmartScreen. This security feature, introduced with Windows 10, checks the reputation of each downloaded app and of each website URL you visit and warns you of any concerns. Similarly, Smart App Control (SAC), which comes standard with Windows 11, checks an app’s signatures before running it on your system.

For instance, if an application, URL, or file has a longstanding positive reputation and valid signatures, these security measures take no further action. If it doesn’t, SmartScreen or SAC relies on the so-called Mark of the Web (MotW) flag to warn you about the item in question. While Microsoft has patched these security measures many times through updates, they still contain errors, and some of those errors are now being abused.

The Methods Used in Overriding These Security Applications

Researchers from Elastic Security Labs believe hackers have been exploiting a Windows bug since 2018 in one of two ways. First, they attempt to use a code-signing certificate to “validate” the malware and raise its reputation so that it passes these security checks. Failing that, they create non-standard target paths in an LNK file (a shortcut for opening a file, folder, or application) so that Windows Explorer rewrites the path and, in doing so, drops the MotW label, leaving the file treated as safe.

Other methods online attackers have been using to get business owners to open files with dangerous binaries and applications include:

  • Reputation hijacking, where a threat actor takes an established app and repurposes it to carry malware, letting its positive reputation get it past security
  • Reputation seeding, where attackers plant a new script host or binary on your system, either one with vulnerabilities they can later exploit or one carrying malicious code they can later activate
  • Reputation tampering, where hackers alter legitimate code or binaries without the file losing its positive reputation
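A defender-side check for the MotW-stripping pattern described above: audit a downloads folder for files whose Mark of the Web is missing, unparsable, or set to a zone SmartScreen never prompts for. This is an added example, not code from the original post, Elastic Security Labs, or Microsoft; the sample folder contents, the high-risk extension list, and the assumption that the MotW lives in the NTFS Zone.Identifier alternate data stream are all constructed here.

```python
# Added example (not from the post, Elastic or Microsoft). Assumes NTFS stores the
# MotW as the Zone.Identifier alternate data stream, an INI body like
# "[ZoneTransfer]\r\nZoneId=3" (0 Local, 1 Intranet, 2 Trusted, 3 Internet, 4 Restricted).
# SmartScreen prompts only for zones 3 and 4, so a stripped stream or a low ZoneId both silence it.
import configparser
import os

# Extensions a defender expects to carry a MotW after download (constructed list)
HIGH_RISK_EXTS = {".exe", ".dll", ".msi", ".js", ".vbs", ".hta", ".lnk", ".scr"}

def parse_zone_id(stream_text):
    """Return ZoneId from a Zone.Identifier body, or None if it cannot be parsed."""
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(stream_text.replace("\r", ""))
        return cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def classify(name, stream_text):
    """Finding for one file given its Zone.Identifier body (None = no stream present)."""
    risky = os.path.splitext(name)[1].lower() in HIGH_RISK_EXTS
    if stream_text is None:
        return "missing-motw" if risky else "missing-motw-lowrisk"
    zone = parse_zone_id(stream_text)
    if zone is None:
        return "malformed-motw"
    return "trusted-zone" if zone < 3 else "ok"

def audit(entries):
    """Map {filename: stream body or None} to {filename: finding}."""
    return {name: classify(name, body) for name, body in entries.items()}

def read_zone_stream(path):
    """Read a file's Zone.Identifier ADS on NTFS; None if absent (works only on Windows)."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

# Constructed sample of a Downloads folder, keyed by file name.
SAMPLE = {
    "invoice.pdf": "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.invalid/i.pdf\r\n",
    "setup.exe": "[ZoneTransfer]\r\nZoneId=3\r\n",
    "report.lnk": None,  # shortcut whose stream was dropped, the pattern described above
    "tool.exe": "[ZoneTransfer]\r\nZoneId=2\r\n",  # Trusted zone: no SmartScreen prompt
    "notes.txt": None,
    "odd.msi": "garbage",
}
```

On a Windows machine, `audit({f: read_zone_stream(os.path.join(d, f)) for f in os.listdir(d)})` runs the same check over a real folder `d`; elsewhere `audit(SAMPLE)` exercises the logic on the constructed data.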

What You Should Do To Stay Safe

Windows users like you may be up in arms over this discovery, but there’s plenty you can do to stay safe. Microsoft regularly ships fixes through its updates, so turn on automatic updates so that SAC and SmartScreen stop falling victim to this glitch. Otherwise, watch for new patches and apply them manually to close the vulnerabilities that malware relies on.

Until a patch is available (and even after), your in-house security or IT team should run all downloads through their own detection stack. That way, they won’t depend solely on these built-in, fallible security features.

You can protect your business and clients even with rising Windows threats by staying alert and informed.


Used with permission from Article Aggregator